Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source.
Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.
The OpenChain Project publishes a policy template to help any organization (company or non-profit) quickly explore options for their own policy creation. This has now been updated with an “Example Policy Text” tab that shows options to inspire teams as they iterate.
You can also find all the previous versions of the policy template in the sub-folder marked “old” at the link above.
Credit:
Huge thanks to Martin Yagi for driving this improvement.
Help Make This Better:
Remember, this is a living document, so your own suggestions, improvements or corrections are most welcome! We coordinate our editing through our Education Work Group mailing list:
Oscar Goñi (Quique) discussed research around LLM generated code and the potential for risks associated with open source license compliance. This event looked at source code similarity detection via open source tooling.
Watch the Webinar:
Abstract:
Oscar Goñi (Quique) has investigated source code similarity detection in Large Language Model (LLM) out-puts using the SCANOSS platform. While recent research has identified concerns regarding LLMs generating code that closely resembles their training data, the full extent of this similarity across the broader open-source ecosystem remained unexplored. Quique will describe during this talk his findings, which indicate that code similarity in LLM outputs may be more prevalent than previously indicated when evaluated against a broader open-source code base. At the same time, Quique will describe how this study contributes to the ongoing discussion of LLM-generated code’s originality and its implications for software licensing compliance, while validating the effectiveness of lightweight similarity detection algorithms as preliminary indicators for more comprehensive analysis. Finally, a Q&A session hopefully will provide participants some light of the implications of the study and to Quique about next steps in his research.
Oscar Enrique (Quique) Goñi, UNICEN, Professor – STF Head of academic program
Oscar Enrique Goñi is a systems engineer who graduated from the National University of the Center of the Province of Buenos Aires, Faculty of Exact Sciences (Argentina, 2009), and holds a Ph.D. in Computer Science from the National University of La Plata (Argentina, 2015). Since 2004, he has been engaged in teaching and research activities at the National University of the Center of the Province of Buenos Aires. Additionally, he has led the design and management of critical systems projects, as well as in data mining and high-performance systems.
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
S-core, Self-Certified for OpenChain ISO/IEC 18974 International Standard
S-core, an open source specialist with extensive experience in open source-based infrastructure development, has adopted OpenChain ISO/IEC 18974, an international standard for open source security assurance. This achievement builds upon the company’s existing OpenChain ISO/IEC 5230 certification for license compliance and extends their commitment to robust security across the open source supply chain.
With this certification, S-core has been able to strengthen open source security management and establish a more systematic approach and management system.
Sunghan Suh, Head of the Open Source Business Division at S-core, stated, said “ISO /IEC 18974 certification has established a systematic process and culture for open source management, enabling us to accelerate innovation and enhance quality and security.” With the OpenChain ISO/IEC 18974 certification, S-core has proven its leadership in open source utilization and consulting. We have been actively utilizing open source and contributing to the community for a long time, and we are leading the creation of value from open source by sharing and collaborating with various companies with our accumulated open source expertise.
About S-core:
S-core specializes in open source services with extensive experience across various technology fields. The company provides comprehensive solutions including open source adoption & migration, technical support and governance consulting, and governance consulting. Through these services, S-core enables customers to safely and efficiently utilize open source technologies within robust management frameworks.
About the OpenChain Project:
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation:
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Our SBOM Study Group brings all our various SBOM-related activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?” Our original kick-off call has all the details.
Get Involved:
Everyone is welcome to be part of this study group! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.
The OpenAtom Foundation held an Open Source Strategy Session on the 29th of May in Beijing, and the OpenChain Project was represented by the Chair of our China Work Group, Zhenhua Sun of ByteDance. An overview of OpenChain was provided to the audience, and there was an opportunity for questions from the community.
The OSS Review Toolkit (ORT) is a FOSS policy automation and orchestration toolkit that you can use to manage your (open source) software dependencies in a strategic, safe and efficient manner. This webinar digs into how the Erlang Ecosystem Foundation (EFF) makes use of this tool to address compliance issues.
Watch the Webinar:
This is part of the OpenChain and Friends: Stuttgart – Follow-Up Webinar Series:
Once upon a time, researchers at Ericsson developed Erlang/OTP, a programming language for the telecom industry. 39 years later, Erlang/OTP is used by the telecom, messaging, banking, and even game industry. Not only that, new languages were created and run on top of the Erlang BEAM virtual machine: Elixir, now a well-established language, and Gleam, the newest addition.
The proliferation of libraries and languages powering the BEAM ecosystem led to the creation of the Erlang Ecosystem Foundation (EFF),a foundation that caters for the BEAM ecosystem.
Today, 39 years from the creation of Erlang, it is not an easy task to categorise and be compliant with the more than 13000 (total) files that make up Erlang, Elixir, and Gleam. Yet, Erlang and Elixir are OpenChain compliant, and Gleam compliance is work in progress.
What steps took EEF towards making sure that Erlang, Elixir, and Gleam comply with the different licenses and copyrights?
This presentation features the collaboration between the Erlang/OTP team (Ericsson) and the Erlang Ecosystem Foundation (EEF), and the steps taken, and experience of using ORT as a crucial part of the EEF Ecosystem.
Our Speaker:
My name is Kiko Fernandez-Reyes and I work as a software engineer in the OTP team, building and improving the Erlang programming language at Ericsson. Before that, I was a backend software engineer at Klarna.
Before Klarna, (in 2014) I did my Ph.D. at Uppsala University where I developed concurrent and parallel programming languages for our research compiler. Among them, I developed typed-based optimisations for future-based programming languages and a capability-based dynamic language design that maintains data-race freedom and satisfies the gradual guarantee.
Experience: I have industrial experience with Haskell, Erlang, Python, among others and deployment languages and technologies, ranging from AWS to Ansible. During my research I have used heavily Haskell and C, and some Scala. I was the main lecturer of the course Advanced Software Design, where I taught object-oriented design ~80 master students.
My work has received the following awards: – Distinguished Artifact Award at Software Language Engineering (SLE), 2019 – Distinguished Artifact Award at European Conference in Object-oriented Programming (ECOOP), 2019 – Best Paper Award at International Federated Conference on Distributed Computing Techniques (DisCoTec), 2018 – Best Paper Award at International Conference on Coordination Models and Languages (COORDINATION), 2018
Interests: I am interested in type systems, programming languages, functional programming, compilers, and different logics. I promote open source technology, writing regularly in opensource.com. I also promote gender equality through the ACM-W student chapter at Uppsala University.
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
The OpenChain Project will have a keynote and also host an OpenChain China Day at the forthcoming OSPO Summit China on the 12th of June 2025. A big thanks to the organizers of the OSPO Summit and also to our community members, especially the leading contributors to the OpenChain China Work Group.
Thank you for helping to share knowledge and to bring people together!
The 3rd OSHeart Legal Salon took place on the 24th of May 2025, and OpenChain was explained by Zhenhua Sun, Chair of the OpenChain China Work Group and leader of the ByteDance open source team. We were delighted to work together with our colleagues from OpenAtom Foundation and elsewhere in sharing more knowledge about the international standards for open source business process management.
Reflections on our lessons learned in making ISO 18974, and our process of drafting proposed updates to the standards, to try and provide a template for other projects looking at making and maintaining standards.
Education:
A review of the updated Reference Library, updated open source policy template and drafting underway for a new OpenChain Adoption Guide + discussion about and call for engagement with updates to our online training.
